Fax header: Mar 02 06 10:27a   Dan McConnell   919 787 2749   p.12



Certificate of Mailing/Facsimile (37 CFR 1.8(a))

I hereby certify that this correspondence is being:

[ ] deposited with the United States Postal Service as first class mail in an envelope with sufficient postage addressed to:
    COMMISSIONER OF PATENTS
    P.O. Box 1450
    Alexandria, VA 22313-1450

[X] transmitted by facsimile to 571 273 8300




PATENT

IN THE UNITED STATES PATENT AND TRADEMARK OFFICE

In re application of: D. C. Challener et al.
Serial Number: 10/063,988
Filed: 31 May 2002
Title: Assurance of Authentication in a Computer System Apparatus and Method

Date: March 2, 2006
Group Art Unit: 2137
Examiner: A.S. Abyaneh

INTERNATIONAL BUSINESS MACHINES CORPORATION
Intellectual Property Law Dept.
D-YXSA B-002/2
P.O. Box 12195
Research Triangle Park, NC 27709



Declaration of prior invention to overcome cited patent (37 C.F.R. 1.131)

The Commissioner of Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 



Dear Sir: 
This declaration is to establish completion of the invention in this application
in the United States, at a date prior to September 4, 2001, the effective date of the
Chen et al. U.S. Published Patent Application 2003/0046542 cited by the Examiner.
This declaration is presented in response to the first Official Action in which the
Chen et al. application has been cited, mailed December 12, 2005.

The persons making this declaration are the inventors. 

The attached Invention Disclosure document is submitted as evidence to 
establish the date of completion of the invention of this application. The dates 
appearing on the original document have been redacted. However, the declarants 
state that the redacted dates are well prior to September 4, 2001. 

The declarants further state that conception of the invention was followed by 
due diligence from the time of conception to a time just prior to the effective date of 
the reference, up to the actual reduction to practice of the invention and the filing 
of this application. 

I hereby declare that all statements made herein of my own knowledge are 
true and that all statements made on information and belief are believed to be true; 
and further that these statements were made with the knowledge that willful false
statements and the like so made are punishable by fine or imprisonment, or both,
under Section 1001 of Title 18 of the United States Code and that such willful false
statements may jeopardize the validity of the application or any patent issued
thereon.



Inventor: David Carroll Challener
Signature: [handwritten]
Date: [handwritten, illegible]

Inventor: James Hoff
Signature:
Date:

Inventor: Howard J. Locker
Signature: [handwritten]
Date: [handwritten, illegible]

Inventor: James P. Ward
Signature:
Date:
Disclosure RPS8-2001-0130

Prepared for and/or by an IBM Attorney - IBM Confidential

Created By James Hoff On [date redacted] 01:05:32 PM EDT
Last Modified By Maura R Roberts On [date redacted] 10:52:48 PM EDT
Archived on 05/17/2003

Required fields are marked with the asterisk (*) and must be filled in to complete the form.



*Title of disclosure (in English): Secure Pin entry for TCPA



Summary:

Status:
Final Decision (Rto):
Final deadline:
Final deadline reason:
Docket family: RPS9-2WK-0O47
* Processing location: Raleigh-RPS
* Functional area: (DESKTOP SYSTEMS) DESKTOP SYSTEMS
Attorney/Patent professional: George Grosser/Raleigh/IBM
Invention development team (IDT):
  Chris Dombrowski/Raleigh/IBM
  Rick Dayan/Raleigh/IBM
  Paul Benson/Raleigh/IBM
  Dave Challener/US/Lenovo/IDE
  Scott Dunham/Raleigh/IBM
  Ben Grimes/Raleigh/IBM
  Andy McNeill/Raleigh/IBM
  Howard Locker/US/Lenovo/IDE
  Jerry Pearce/US/Lenovo/IDE
  Joseph Lee/Raleigh/IBM
  David Rhoades/Raleigh/IBM
  Miriam M Davis/Raleigh/IBM
  Randy Springfield/Raleigh/IBM
Submitted date: [date redacted; time partially illegible] AM EDT
* Owning division: PCD
Incentive program: (INC13) PC and xSeries Server
Lab:
* Technology code:
Patent value tool (PVT) score:

Inventors with a Blue Pages entry

Inventors: James Hoff/US/Lenovo/IDE@IBMUS, Jim Ward/Raleigh/IBM, Dave Challener/US/Lenovo/IDE@IBMUS, Howard Locker/US/Lenovo/IDE@IBMUS

Inventor Name    | Serial      | Div/Dept    | Phone       | Manager Name
> Locker, Howard | [illegible] | [illegible] | [illegible] | [illegible]

> denotes primary contact

Inventors without a Blue Pages entry

Invention Development Team Information

Main Idea

To view the Main Idea of this disclosure, open the "Main Idea" document from the view.

*Critical Questions (Questions 1-9 must be answered in English)



*Question 1
On what date was the invention workable? Please format the date as MM/DD/YYYY.
(Workable means, i.e., when you know that your design will solve the problem.)

*Question 2
Is there any planned or actual publication or disclosure of your invention to anyone outside IBM?  (x) No
If yes, enter the name of each publication or patent and the date published below.
Publication/Patent:
Date Published or Issued:

Are you aware of any publications, products or patents that relate to this invention?  ( ) Yes
If yes, enter the name of each publication or patent and the date published below.
Publication/Patent:
Date Published or Issued:

*Question 3
Has the subject matter of the invention or a product incorporating the invention been sold, used internally in manufacturing, announced for sale, or included in a proposal?  ( ) Yes  (x) No

Is a sale, use in manufacturing, product announcement, or proposal planned?  (x) Yes  ( ) No
If Yes, identify the product if known and indicate the date or planned date of sale, announcement, or proposal and to whom the sale, announcement or proposal has been or will be made.
Product: 1Q02 Desktop/ThinkPad
Version/Release:
Code Name:
Date: 1Q02
To Whom:
If more than one, use cut and paste and append as necessary in the field provided.

*Question 4
Was the subject matter of your invention or a product incorporating your invention used in public, e.g., outside IBM or in the presence of non-IBMers?  ( ) Yes  (x) No
If yes, give a date. Please format the date as MM/DD/YYYY.

*Question 5
Have you ever discussed your invention with others not employed at IBM?  ( ) Yes  (x) No
If yes, identify individuals and date discussed. Fill in the text area with the following information: the names of the individuals, the employer, date discussed, under CDA, and CDA#.

*Question 6
Was the invention, in any way, started or developed under a government contract or project?  ( ) Yes  (x) No  ( ) Not Sure
If Yes, enter the contract number:

*Question 7
Was the invention made in the course of any alliance, joint development or other contract activities?  ( ) Yes  (x) No  ( ) Not sure
If Yes, enter the following:
Name of Alliance, Contractor or Joint Developer:
Contract ID number:
Relationship contact name:
Relationship contact E-mail:
Relationship contact phone:

*Question 8
Have you, or any of the other inventors, submitted this same invention disclosure or a similar invention disclosure previously?  ( ) Yes  (x) No
If Yes, please provide disclosure number below:

*Question 9
Are you, or any of the other inventors, aware of any related invention disclosures submitted by anyone in IBM previously?  (x) No
If Yes, please provide the docket or disclosure number or any other identifying information below:

Question 10
What type of companies do you expect to compete with inventions of this type? Check all that apply.
[ ] Manufacturers of enterprise servers
[x] Manufacturers of entry servers
[?] Manufacturers of workstations (checkbox not captured)
[x] Manufacturers of PC's
[ ] Non-computer manufacturers
[x] Developers of operating systems
[?] Developers of networking software (checkbox not captured)
[?] Developers of application software (checkbox not captured)
[x] Integrated solution providers
[ ] Service providers
[ ] Other (Please specify below)

Question 11
If the invention relates to a product or service that is outside the scope of your business unit, please recommend IBM business unit(s), IBM location(s) or individual(s) within IBM that you think would provide a good evaluation of your invention:

*Patent Value Tool (Optional - this may be used by the inventor and attorney to assist with the evaluation)

Evaluation

Search Information

Search Office Information

Final Decision

Post Disclosure Text & Drawings




Main Idea for Disclosure RPS8-2001-0130

Prepared for and/or by an IBM Attorney - IBM Confidential

Archived On [date redacted] 01:02:11 AM



Title of disclosure (in English): Secure Pin entry for TCPA

Main Idea

1. Describe your invention, stating the problem solved (if appropriate), and indicating the advantages of using the invention.

IBM is a charter member of TCPA (Trusted Computing Platform Alliance). The product of this consortium is a security chip in desktop systems that allows for secure cryptographic operations (such as digital signature) as well as system integrity measurements. These systems can guarantee that a digital signature originated in a particular platform, but they cannot as yet guarantee that it was done at the behest of a user sitting at the keyboard. Furthermore, a method is needed to protect against 'trojan horse' sniffer-level attacks, whereby a valid user authorization is recorded and then replayed at a later time.

This invention provides a secure path to the IBM TCPA chip so that PIN entry is not sniffable by software.



2. How does the invention solve the problem or achieve an advantage (a description of the invention, including figures inline as appropriate)?

Basically we note that the chip is no longer soldered on the motherboard, but is now on a daughterboard plugged into the motherboard. As such, with authorization, it is possible to unplug the card and put an interposer between the card and the motherboard. This interposer would normally do nothing, but when a PIN is required, instead of entering the PIN through the keyboard, where it would be transmitted to the daughter card over a sniffable bus, the PIN would be entered on a keypad that feeds it directly into the daughter card.

This interposer/keypad is ideal for our business as it

1) adds no cost to the product

2) can be charged for by those interested in heightened security

3) solves the trusted path problem we are asked about by customers

Specifically, we teach the following implementation:

The interposer intercepts all keyboard input before it is routed to the SuperIO (the KBCLK and KBDATA signals). If the "trusted pin" switch is on (high), the keyboard PIN data is rerouted to the TPM; otherwise it is passed through to the SuperIO. The Trusted Pin Switch is implemented by a GPIO signal that is controllable by software. First-generation TPMs are LPC devices, so the interposer requires an LPC interface to the TPM to communicate the PIN data. This implies that the interposer can act as a bus master on the LPC bus.



1) TSS sends a "Secure PIN Command" to the interposer. The Secure PIN Command contains only the tag, the ordinal, and any non-authorization data.

2) The interposer filters all keyboard input following successful receipt of the Secure PIN Command.

3) The interposer receives input from the keyboard and buffers the PIN data.

4) The interposer initiates an Authorization Session with the TPM by sending the TPM_OIAP command.

5) TPM
   - creates a session
   - creates a handle H0
   - generates nonce N0
   - saves N0 and H0

6) TPM
   - sends (N0, H0) on the wire to the interposer

7) Interposer
   - generates N1
   - computes Authorization = HMAC(PIN data, Ordinal, ...etc.) as outlined by the TCPA spec for each command

8) Interposer
   - sends HMAC(PIN data, Ordinal, ...etc.) on the wire

9) TPM
   - retrieves N0 and the actual PIN data (previously stored data)
   - computes HMAC(Actual PIN, Ordinal, ...)
   - verifies the computation against the Authorization packet sent from the interposer
   - if they do not compare, returns TPM_E_InvalidAuth
   - executes the Secure PIN Command and generates the return code
   - destroys the session (this assumes that authorization must be performed for EVERY Secure PIN Command)
   - releases the Secure PIN GPIO

Because of the HMAC structure, this device need not be put as an interposer to the TPM; it can be put anywhere that the computer has access to. The important things are that it:

1) be mutable by software as a virtual interposer to the TPM;

2) keep the pass phrase which generates the PIN data out of any memory location sniffable by the rest of the system;

3) calculate the HMAC internal to the device;

4) send the results on their way to the TPM.
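The nine-step exchange and the four properties above, as an added Python simulation that is not part of the original disclosure or of any TCPA/TSS code. It models both sides of the wire: the interposer swallows keystrokes while the trusted-PIN switch is high, turns the buffered PIN into an HMAC inside the device, and the TPM recomputes that HMAC from its stored PIN and a fresh nonce N0, then destroys the session. Assumptions not in the disclosure: the Secure PIN Command ordinal value, the return-code names and values, SHA-1 of the typed PIN as the 20-byte authorization secret, and a simplified HMAC input layout (ordinal || N0 || N1 || params) instead of the TCPA inParamDigest/continueAuthSession layout.

```python
import hashlib
import hmac
import os
import struct

# Assumed values, not from the disclosure: the "Secure PIN Command"
# ordinal and the two return codes the text names.
TPM_ORD_SECURE_PIN = 0x40000100
TPM_SUCCESS = 0
TPM_E_INVALIDAUTH = 1


def auth_secret(pin: bytes) -> bytes:
    # Assumption: the PIN is SHA-1 hashed to a 20-byte secret the way TCPA
    # derives an authorization secret from a pass phrase.
    return hashlib.sha1(pin).digest()


def auth_hmac(secret, ordinal, nonce_even, nonce_odd, params):
    # HMAC-SHA1 as computed by the interposer (step 7) and the TPM (step 9).
    # Simplified layout (assumption): ordinal || N0 || N1 || params.
    msg = struct.pack(">I", ordinal) + nonce_even + nonce_odd + params
    return hmac.new(secret, msg, hashlib.sha1).digest()


class TPM:
    """TPM side: OIAP session, nonce N0, HMAC check, session destroyed after use."""

    def __init__(self, pin: bytes):
        self._secret = auth_secret(pin)   # the "actual PIN data" stored in the chip
        self._sessions = {}               # handle H0 -> nonce N0
        self._next_handle = 1
        self.executed = []                # commands that passed authorization

    def oiap(self):
        # Steps 5-6: create session, handle H0 and nonce N0; return (N0, H0).
        handle, self._next_handle = self._next_handle, self._next_handle + 1
        nonce_even = os.urandom(20)
        self._sessions[handle] = nonce_even
        return nonce_even, handle

    def secure_pin_command(self, handle, ordinal, params, nonce_odd, auth):
        # Step 9. The session is consumed whether or not the check passes,
        # so a recorded authorization packet cannot be replayed against it.
        nonce_even = self._sessions.pop(handle, None)
        if nonce_even is None:
            return TPM_E_INVALIDAUTH
        expected = auth_hmac(self._secret, ordinal, nonce_even, nonce_odd, params)
        if not hmac.compare_digest(expected, auth):
            return TPM_E_INVALIDAUTH
        self.executed.append((ordinal, params))
        return TPM_SUCCESS


class Interposer:
    """Sits between keyboard and SuperIO; diverts keystrokes while the switch is high."""

    def __init__(self, tpm: TPM):
        self.tpm = tpm
        self.trusted_pin_switch = False   # the GPIO-driven "trusted pin" switch
        self.pending = None               # (ordinal, params) received from the TSS
        self._pin_buffer = b""            # exists only inside the interposer

    def receive_secure_pin_command(self, ordinal, params):
        # Steps 1-2: tag/ordinal/non-auth data arrive; start filtering the keyboard.
        self.pending = (ordinal, params)
        self._pin_buffer = b""
        self.trusted_pin_switch = True

    def keyboard_input(self, scancode: bytes):
        # Step 3: with the switch high the keystroke is buffered, not passed on.
        if self.trusted_pin_switch:
            self._pin_buffer += scancode
            return None                   # nothing reaches the SuperIO / host
        return scancode                   # normal pass-through

    def complete(self):
        # Steps 4, 7, 8: open the session, compute the HMAC in-device, send it.
        ordinal, params = self.pending
        nonce_even, handle = self.tpm.oiap()
        nonce_odd = os.urandom(20)        # N1
        auth = auth_hmac(auth_secret(self._pin_buffer), ordinal, nonce_even, nonce_odd, params)
        self._pin_buffer = b""            # PIN discarded once the HMAC exists
        self.trusted_pin_switch = False   # "release the Secure PIN GPIO"
        self.pending = None
        rc = self.tpm.secure_pin_command(handle, ordinal, params, nonce_odd, auth)
        return rc, (handle, nonce_odd, auth)   # rc plus what a bus sniffer would see


def run_secure_pin(stored_pin: bytes, typed_pin: bytes, params: bytes = b"non-auth data"):
    # One full exchange; returns (rc, keystrokes the SuperIO saw, sniffed packet, tpm).
    tpm = TPM(stored_pin)
    ip = Interposer(tpm)
    ip.receive_secure_pin_command(TPM_ORD_SECURE_PIN, params)
    passed_through = [ip.keyboard_input(bytes([c])) for c in typed_pin]
    rc, packet = ip.complete()
    return rc, passed_through, packet, tpm


def replay(tpm: TPM, packet, params: bytes = b"non-auth data"):
    # Trojan-horse replay of a sniffed (H0, N1, HMAC) packet: against the
    # original (destroyed) session, and against a fresh session with a new N0.
    handle, nonce_odd, auth = packet
    against_old = tpm.secure_pin_command(handle, TPM_ORD_SECURE_PIN, params, nonce_odd, auth)
    _, new_handle = tpm.oiap()
    against_new = tpm.secure_pin_command(new_handle, TPM_ORD_SECURE_PIN, params, nonce_odd, auth)
    return against_old, against_new
```

Running run_secure_pin(b"1234", b"1234") returns TPM_SUCCESS with every keystroke swallowed (the SuperIO sees None for each), while replay() of the sniffed packet fails both against the destroyed session and against a new one, because the TPM's fresh N0 changes the HMAC input; a wrong PIN fails the same way and nothing is executed.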


3. If the same advantage or problem has been identified by others (inside/outside IBM), how have those others solved it, and does your solution differ and why is it better?

4. If implemented in a product or prototype, include technical details, purpose, disclosure details to others and the date of that implementation.